Malware experts have found a new sophisticated second-stage backdoor, called Sunshuttle, which was uploaded by a U.S.-based entity to a public malware repository in August 2020.

An analysis published by FireEye reads: “Mandiant Threat Intelligence discovered a sample of the SUNSHUTTLE backdoor uploaded to an online multi-Antivirus scan service.”

“SUNSHUTTLE is a backdoor, written in GO, that reads an embedded or local configuration file, communicates with its C2 server over HTTPS and supports commands including remotely updating its configuration, file upload and download, and arbitrary command execution.”

The SUNSHUTTLE backdoor was likely designed to carry out network reconnaissance alongside other SUNBURST-related tools.

Mandiant investigators exposed the SUNSHUTTLE backdoor on a system of a victim impacted by UNC2452, and believe that it is associated with this hacker.

Experts have highlighted that the new malware was not detected using any trick to gain tenacity, which means that the persistence is likely set outside of the execution of this backdoor.

Related articles

What You Need to Know about Malware
Malware

What You Need to Know about Malware

By CertX
South Africa’s Power Company Hit by Ransomware Attack
Malware

South Africa’s Power Company Hit by Ransomware Attack

By CertX
Ransomware Disrupts Wyoming Hospital’s Services
Malware

Ransomware Disrupts Wyoming Hospital’s Services

By CertX
Users in the Middle East Targeted by ViceLeaker Android Spyware
Malware

Users in the Middle East Targeted by ViceLeaker Android Spyware

By CertX
One Million Devices Open to Wormable BlueKeep Vulnerability
Malware

One Million Devices Open to Wormable BlueKeep Vulnerability

By CertX

Leave a Reply

Your email address will not be published. Required fields are marked *